What the company did was to off-load the task of trying new passwords to a graphics processor, specifically an nVidia GoForce board. The graphics chip is designed to race through such simple tasks, so ElcomSoft says it can crack passwords 25 times faster than any system using a main chip.

This means that passwords are not safe. Not safe enough for medical records anyway.

One possible solution is to use real keys, to embed a digital signature in a stick memory that the doctor or pharmacist carries around. There are already password programs like RoboForm which run on stick memories. Outfitting such a program with a full 140-digit or 145-digit digital key is not a big deal.

But now, in a way, we're back to square one. Keys can get lost. They can get stolen. They can be misused. How do you authenticate that the user of a key is the person who is entitled to use the key?

The policy question of electronic records, then, meets squarely with the technical question of protecting passwords or digital signatures. In order for the first to proceed, the second has to be solved in a standard manner which everyone agrees to and which is inexpensive to implement.

Thank You

By registering you become a member of the CBS Interactive family of sites and you have read and agree to the Terms of Use, Privacy Policy and Video Services Policy. You agree to receive updates, alerts and promotions from CBS and that CBS may share information about you with our marketing partners so that they may contact you by email or otherwise about their products or services.
You will also receive a complimentary subscription to the ZDNet's Tech Update Today and ZDNet Announcement newsletters. You may unsubscribe from these newsletters at any time.